How do integrations with Procore access my company's data?

Background

Procore's Application Programming Interface (API) allows for other software to be integrated with the Procore application. Many integrations are available through the Procore Marketplace. You can also build a custom integration, or contract a third party developer to build one for your company. Integrations with Procore are sometimes referred to as 'apps'. 

Answer Edit section

No matter what type of integration you're implementing, there are two (2) types of authorization flows an integration can use to access the data in your company's Procore account. The integration's developer will choose one, the other, or both in combination to allow their integration to do what it's built to do.

Authorization Code Edit section

Apps that rely on a specific user's Procore permissions use this authorization flow.

Apps using this type of authorization flow act on behalf of a specific user. Each user must first log in to the app with their own unique login credentials. After successfully logging in, the app can interact with Procore according to the user's Procore permissions. These types of apps have access to the same projects and information as the individual using the app.

For example, if an Admin user installs an app for their company's Procore account, then the user Jane logs in to that app as a user, that app can see and interact with the same items in Procore that Jane can. If the user John also logs in to the same app, as a member of the same company in Procore, but with different permissions than Jane, that app will only be able to see and interact with what John can.

DMSA Edit section

Apps using Developer Managed Service Accounts (DMSAs) use this authorization flow.

A DMSA appears as a user in your Procore Directory, and functions as the integration's way to log in to your Procore account and interact with your company's data. Developers determine the permissions necessary for the app to do its job, and the DMSA user is assigned those permissions by default upon installation. At the time of installation, Procore Administrators are notified of the permissions the app requires, and can choose to approve or deny installation.

This type of app has the same permissions to your company's data, no matter which user is interacting with it. This authorization flow is common for apps that are regularly synchronizing data across connected systems, with the intent of keeping data as tightly synced as possible. This type of app is not allowed to take action in Procore on behalf of a specific user, unless its developers have also chosen to use the authorization code flow in conjunction with DMSA.

 

See Also